W3C home > Mailing lists > Public > public-credentials@w3.org > November 2022

Re: Google Browser/FedCM team exploring native APIs for CHAPI

From: Harrison <harrison@spokeo.com>
Date: Tue, 22 Nov 2022 13:23:17 -0800
Message-ID: <CAFYh=404g4T8+_RULn5mXYGZW3jTGWg2AAo1GrZpQ5=eYGRWLg@mail.gmail.com>
To: David Chadwick <david.chadwick@crosswordcybersecurity.com>
Cc: public-credentials@w3.org
Congrats!  And big thanks to Dmitri Z. and Manu for making this happen.  We
will work on inviting Sam Goto and the Google FedCM team to present at W3C
CCG in January.


On Tue, Nov 22, 2022 at 12:34 PM David Chadwick <
david.chadwick@crosswordcybersecurity.com> wrote:

> Just to note that OpenID4VCI has always enabled individuals to choose
> their wallet in the cross device flow because the Issuer shows a QR code to
> the user, who chooses which wallet app to scan it into.
> On 22/11/2022 20:02, John, Anil wrote:
> Manu -- This is great to hear!
> Enabling individuals to choose wallet they want to use, and when they want to use a particular wallet is part and parcel of enabling an open, competitive ecosystem with the individual having a clear decision authority.
> To date, with the exception of the CHAPI work, this aspect of the ecosystem has been hand-waved over by folks working on issuance and presentation protocols, so it is refreshing to hear that the Google FedCM team exploring this in more detail -- very much support this direction since we have publicly articulated that we " ... will not require and have no plans to support digital wallets/vaults that require a MOU/business relationship with the wallet/vault vendor, and require the use of proprietary digital wallet/vault APIs" as that is a mechanism "... that can result in a gatekeeper functionality between the Government and its customers".
> Huge shout out to DmitriZ for making this happen -- the first 20 times he (and TobiasL)
> +1
> Best Regards,
> Anil
> Anil John
> Technical Director, Silicon Valley Innovation Program
> Science and Technology Directorate
> US Department of Homeland Security
> Washington, DC, USA
> Email Response Time – 24 Hours
> -----Original Message-----
> From: Manu Sporny <msporny@digitalbazaar.com> <msporny@digitalbazaar.com>
> Sent: Tuesday, November 22, 2022 11:51 AM
> To: W3C Credentials CG <public-credentials@w3.org> <public-credentials@w3.org>
> Subject: Google Browser/FedCM team exploring native APIs for CHAPI
> CAUTION: This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns.
> Hi all, exciting news (and a request for the CCG Chairs below).
> DmitriZ, a handful of IIW attendees, and I had a chat with Sam Goto at the Internet Identity Workshop last week about providing the Credential Handler API[1] (CHAPI) with the necessary native browser API calls to make the experience smoother and browser native.
> Sam has kindly written up where we got to at IIW after multiple meetings and has even implemented a compelling native demo in Chromium demonstrating how we could achieve open wallet selection! There is an explanation of how CHAPI works and how it might integrate with FedCM here (so I won't repeat what's already in the issue in this email, go here to read more):
> https://urldefense.us/v3/__https://github.com/fedidcg/FedCM/issues/374__;!!BClRuOV5cvtbuNI!QNTkGt7iomWK8PZ6nQqd2No0lQlxUV-n2bOdTmxW2fKVBS4bXnyD2fY2Uni_CTrH6nt4$
> The reason this is exciting to the CCG is because there is a very real interest by a browser vendor in making what we call "open wallet selection" natively supported in the browser, primarily through CHAPI.
> It turns out CHAPI has made many of the same design decisions that FedCM has made and that there is alignment for a variety of reasons that have nothing to do with DIDs or VCs.
> Sam believes that we can make progress through Google Chrome "canary"
> releases (nightly experimental builds that all of us can download and use with the new functionality built in). If this happens, Digital Bazaar will commit time and financial resources to using those experimental native browser APIs and integrating them with the CHAPI polyfill to upgrade to a native experience if one exists (while falling back to what's there today in every browser if a native experience isn't possible).
> The next steps are that the Google FedCM team would like to present this idea to the CCG and would like us to come and present about
> CHAPI+FedCM to the FedCM CG.
> So, this is a request to the CCG Chairs to put aside time on an upcoming CCG call to discuss this exciting development with the Google FedCM team.
> -- manu
> PS: Huge shout out to DmitriZ for making this happen -- the first 20 times he (and TobiasL) approached me about it, I was like: "pffff, like that's gonna happen... FedCM cares about existing login flows, not CHAPI." -- See, SteveC, proof that I don't know what I'm talking about from time to time! :P
> [1]https://urldefense.us/v3/__https://w3c-ccg.github.io/credential-handler-api/__;!!BClRuOV5cvtbuNI!QNTkGt7iomWK8PZ6nQqd2No0lQlxUV-n2bOdTmxW2fKVBS4bXnyD2fY2Uni_CXQ9j5Mw$
> --
> Manu Sporny - https://urldefense.us/v3/__https://www.linkedin.com/in/manusporny/__;!!BClRuOV5cvtbuNI!QNTkGt7iomWK8PZ6nQqd2No0lQlxUV-n2bOdTmxW2fKVBS4bXnyD2fY2Uni_CX9eFiG6$
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021) https://urldefense.us/v3/__https://www.digitalbazaar.com/__;!!BClRuOV5cvtbuNI!QNTkGt7iomWK8PZ6nQqd2No0lQlxUV-n2bOdTmxW2fKVBS4bXnyD2fY2Uni_CSfH3rKt$

*Harrison Tang*
<https://www.linkedin.com/in/theceodad/> •
<https://twitter.com/TheCEODad>Twitter <https://twitter.com/TheCEODad>  •
<https://www.tiktok.com/@tang_toks> Tiktok
<https://www.tiktok.com/@tang_toks>  •
<https://www.facebook.com/TheCEODad> Facebook
Received on Tuesday, 22 November 2022 21:23:48 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 22 November 2022 21:23:49 UTC